
Desktop virtualization: what's new, what are the trends and where are we going?



Virtualization no longer surprises anyone. Today everything is virtualized: servers, applications, workplaces. For most ordinary users, however, this technology is something like the gopher from the film DMB: “you don’t see it, I don’t see it, but it’s there.” Everything changes when virtual workplaces arrive, and instead of a bulky system unit or a laptop, a small box, a so-called thin client, appears on the office worker's desk. Of course, the details may differ, but the essence stays the same. We will talk about desktop virtualization, what it is, and what awaits us in the future.

So what is VDI (Virtual Desktop Infrastructure)? It's simple: virtual machines with user or server operating systems are deployed on a physical server and are accessible from any smart device, from anywhere in the world where there is an Internet connection (from 64 Kbps, if the work simply has to get done, comfort aside). Nothing changes for the user, but for the IT department administration changes significantly in terms of data access security, availability of workplaces, and simplicity and cost of maintenance. Although VDI costs relatively more than terminal access (sometimes several times more), when isolating the user's work environment from the client OS at the level of a separate virtual machine is a prerequisite, VDI becomes the most economical way to deploy new outlets and offices regardless of the company's geography. At the same time, all the functionality for field staff is retained, and the risk of leaking confidential corporate information is significantly reduced thanks to centralized management of operational data.

VDI or terminal access: selection criteria


The main vendors of VDI solutions actively advertise VDI as a must-have for medium and small companies, but, hand on heart, small and medium businesses do not need virtual desktops at the price at which they are offered. Even if you suddenly need strict adherence to security policies, terminal access is more than enough. By terminal access, in the most general terms, we mean remote access by many users to applications running within a server operating system that is common to all users, with shared low-level system processes and so on. This is the main difference from VDI, where a separate virtual machine, with the operating system and the applications required by that particular user, is deployed on the hardware server for each user. There is also an advantageous hybrid scheme in which the user connects to a server OS, but 1 user = 1 virtual machine. This is the so-called “server VDI”, which combines the advantages of a terminal solution and desktop virtualization.

In terms of savings, terminal services remain the preferred option. If there are no restrictions (the main problem of terminal mode is that it is a server operating system and a multi-user system), then the company continues to use virtual services as the most economical option. The restrictions can be the following:

  1. The manufacturer of the application states that it does not support the application in a terminal environment. The application may work there perfectly well, but if something goes wrong, the vendor will refuse support. Autodesk AutoCAD is an example: until a certain version it was not officially supported in a terminal environment, although it worked properly in one. However, Autodesk AutoCAD Map 3D, which was functionally almost the same as Autodesk AutoCAD, was supported.

  2. Self-developed applications written with a departure from best practices. For example, undocumented functions or calls are used; as a result, the application is “tied” to one specific OS version and cannot be moved to any other version, client or server. Often such applications cannot be moved anywhere without losing some of their functions or ceasing to work altogether.

  3. Outdated or “hand-patched” applications that require administrative rights on startup. On a local machine this is a normal situation, but in terminal mode every user running such software works with administrator rights. If such a user decides, for example, to turn off the server, then as an administrator he can do so, and all other users on that server will lose access to their workplaces.

  4. The application works and everyone is happy, but it periodically causes a blue screen crash. If it crashes on a personal PC once a month, there is nothing to worry about. But if it runs in a terminal environment for 100 users, it will statistically begin to crash 3 times a day.

In these 4 scenarios, it is recommended to use virtual desktops instead of terminal services.

Hypervisor-based VDI


One caveat: by VDI we mean projects that introduce workplace virtualization predominantly in large businesses. What are they built on, and what are the options?



In fact, today there are only two options for a virtual workplace infrastructure: hypervisor and container. (Terminal access and the “server VDI” mentioned above are also often used to solve VDI tasks, but we will not consider them full VDI.) The hypervisor model is the most common, and most popular virtualization solutions from manufacturers such as Microsoft, VMware and Citrix belong to it. Because this model is the most common, it has many well-tested features that are not available with containers. One example is direct attachment of an additional GPU, which is often required in design and engineering offices. This technology (GRID Virtual GPU) is fully supported by the XenServer hypervisor. Let us look at the software that provides remote access to desktops, Citrix XenApp and XenDesktop.

Today, XenApp and XenDesktop do not differ from each other architecturally. The only thing that technically distinguishes them is the agent, which is installed either on a client OS, giving VDI (often called XenDesktop), or on a server OS, giving a terminal server (which is what XenApp means). However, we must not forget that XenDesktop, starting with the Enterprise edition, includes both VDI and terminal services. Before version 7 they were technically two different products, with different architectures and management consoles. To the user it looked like a single system, but things were harder for the administrator: the solution in fact included both terminal services and virtual desktops, each of which had to be configured separately in different places. Now the solution has a single console for the terminal version and virtual desktops, and a single web portal (Desktop Director) where you can monitor the status of the system, the status of a specific machine, and much more.

Citrix desktop virtualization infrastructure runs on any hypervisor: XenServer, Microsoft Hyper-V, VMware ESXi, and Nutanix Acropolis. These are the four hypervisors on which the system can automatically create virtual machines, delete them, restart them and shut them down. Accordingly, when changing the hypervisor, you can switch seamlessly from one to another. With other hypervisors, XenDesktop treats virtual machines as physical ones, without the ability to create, delete and manage them automatically.

With XenDesktop you can replace the workplace of practically any employee. The solution uses its own proprietary data transfer protocol. If it is not possible to use an agent installed on the client workstation, Citrix's own HTML5 implementation is used. This is one of the differences from the products of some other vendors, which have one licensed protocol and a second one developed in-house.

Even if a customer still has industrial UNIX (AIX, HP-UX, Solaris), XenApp and XenDesktop, starting with the Enterprise edition, make it possible to install XenApp for UNIX. Accordingly, Citrix products support Windows server operating systems and various Linux variants. If you want an offline mode of operation, there is a separate product, Desktop Player, that runs on Mac and Windows laptops. This is a corporate solution that does not allow end users to deploy a virtual machine themselves; only an administrator can do this.

When asking “what to choose?”, you should start not from a specific desired product but from the restrictions imposed by the applications, their licensing options, user requirements and the cost of the entire solution. Pure XenApp is licensed only per concurrent user. XenDesktop can be licensed either per concurrent user or per user/device; that is, there is no separate license for the user and for the device. In the latter case the license server logic selects which option to apply so that the fewest licenses are consumed for the current usage.

The license cost per user/device differs from the cost per concurrent user (XenApp and XenDesktop) by a factor of approximately two. Sometimes it turns out that a customer needs XenApp, but it is more profitable to buy XenDesktop, which is sold under the user/device licensing scheme. The customer gets what is needed at half the price, and can also connect virtual desktops later if necessary.

Container VDI and VDI from the cloud




Now let's talk about container virtualization. Today it is exotic; the best-known example of such technology is Parallels Containers for Windows. Its main advantage is a much higher density of users per server (up to 250 seats) than traditional VDI, though lower than terminal services, and in some cases the opportunity to save a little on Microsoft software licenses. Container virtualization combines a number of advantages, but it also inherits a number of drawbacks from both VDI and terminal services. Before the release of Windows Server 2016, Microsoft did not support container technologies at all, and companies that had introduced this product into their infrastructure had to wait, on every update to the server operating system (and here the server operating system is the one serving the desktops), for Parallels to check the update and release it for installation. Now, after the release of Windows Server 2016 and official support for Windows Container technology within the OS, the situation may change.

Container-based virtualization works in the OS kernel (Windows Server 2008/2012), which makes it possible to split kernel objects between containers and thereby isolate them from each other. Each container has its own set of processes, sessions and drivers, as well as its own registry and tree of kernel objects. Complete desktop virtualization is achieved, and users do not notice any difference from the classic version, because they see the desktop of the server OS with special themes that “repaint” it to look like the familiar client operating system. On average, this option requires one and a half times less computing and storage resources than a hypervisor. This is not to say that it is unequivocally more economical than classic VDI, but under certain conditions the savings on server-side computing power can become the deciding factor and justify implementation from a business point of view. It should be said that at the moment this is still not a fully recognized desktop virtualization technology (Microsoft still does not provide support for this version of VDI), and some of the features available in hypervisor-based virtualization are not available in containers.

These are the current approaches to VDI. What next? Next, the path leads “into the clouds.” For example, VMware Horizon 7 in the Enterprise version already implements the launch of desktops and applications using cloud automation. However, it is worth bearing in mind that, under Microsoft's licensing rules, delivery of a client desktop from a public cloud is currently prohibited. The only exception is made for Citrix products. In early 2016, Citrix and Microsoft announced that the only legal option would be XenDesktop deployed in the Microsoft Azure cloud. In this case, you can give the user Windows 10 as a desktop. XenDesktop can now be deployed out of the box in Amazon Web Services and Microsoft Azure cloud environments or within the Cloud Platform.

So far these are only the beginnings of bringing cloud environments into virtualization products, but the reality of IT, with its ever-increasing number of "..aaS" offerings, suggests that the abbreviation "VDI-as-a-Service" may also appear. Support for competitors' software products is being implemented, as is work with the maximum number of operating systems and software, both open and proprietary. What awaits VDI, time will tell, but it is obvious that the transformation does not stop and that the technology is becoming more accessible and easier. Perhaps we will live to see the time when the fat client is completely ousted by the thin one.

Source: https://habr.com/ru/post/314888/

